Re: ssl forms
by Charlotte Gardner <vgardner(at)mindspring.com>
|
| Date: |
Fri, 13 Jul 2001 07:27:20 -0400 |
| To: |
hwg-servers(at)hwg.org |
| Cc: |
Lyle(at)lcrcomputer.com |
| |
todo: View
Thread,
Original
|
|
Hi Lyle,
When I researched this question a couple of years ago,
what I found was that when the SUBMIT calls the secure script,
the SSL connection is initiated between the browser and
the server. After the secure connection is established, then the
form's data is transmitted.
1) From http://www-net.cs.umass.edu/kurose/krithi/7_7.htm
SSL can be set up in form URL as
https://somewhere.org/thing.html
or used in HTML form for ACTION
<form method=POST
action="https://abc.com/cgi_bin/get_credit-card_no" ...>
2) Explanation of SSL process at:
http://cs.anu.edu.au/Student/infs3056/LectureNotes/lecture-13.html
Rgds,
Charlotte Gardner
------------- original message -------------------
Date: Thu, 12 Jul 2001 09:28:29 -0500
From: Lyle <Lyle(at)lcrcomputer.com>
Subject: ssl forms
I asked a question on a different forum and thought someone here may know
the answer already.
I saw some websites asking for credit card info via a non-secure form page,
but the submit called a secure form. Now, my understanding was that hitting
submit on the browser from the non-secure form sent the info to the
webserver to then pass to the secure form, via http and not https. It was
my understanding that the form info was sent prior to calling up the secure
form and is passed to the secure via the submit function.
Some of those on that other forum stated that the info would be secured
because you are submitting to a secure page(https). I haven't had time to
verify this via a sniffer, but was wondering if anyone here has tested this
to know for sure.
Lyle
HWG: hwg-servers mailing list archives,
maintained by Webmasters @ IWA